CVE-2017-4960

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-4960

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-4960.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-4960

Aliases

GHSA-hxgw-7539-pv7r

Published

2017-03-10T01:59:00Z

Modified

2025-01-14T07:14:34.504773Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.

References

Affected packages

Git / github.com/cloudfoundry/uaa

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/uaa
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0e3013bda9c13c630f2dd469368b93cb1b73f006

Last affected

4e652a6b5279ea99077fcfc46c5b8842267806c8

Last affected

565bfebb000034c84d7853d4f9d387a8fc84c4bb

Last affected

5e2f5adb0d14312498a80a2b1e0b2e09f2292a11

Last affected

69fc38968ecf6d0748acbfec7aac9ca32cf4ed3d

Last affected

7623ebebfcb3864a979d769c125efffa82a292a4

Last affected

896455cacb36cdb349f14b493fc656cb12985ada

Last affected

9e384778cbbb7f4aca143874cc3eb4dfc697ca8b

Last affected

a2be849438dcb8ded19504742c0d8903eeef0418

Last affected

b339df7cc4eb182c37deb9a9057093c2eb19e135

Last affected

d75d7efa6328e04a4180f7ee18e1307dfa28dc2f

Type: GIT
Repo: https://github.com/cloudfoundry/uaa-release
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

03c13c872ca0fdb1ec317888911fff2628501e2b

Last affected

29a3063e318cd6d93290bc32868d02d1d6719f88

Last affected

5d5ec0136d774da26566ca02f3b25648fd90433a

Last affected

931b883be50ada66631d4193f0faf4693e022249

Last affected

97ba7aaf7858de8da81cd5bc103a6d15e5afa026

Last affected

99f08c77b1f962f4db9b8e05666245d20037402a

Last affected

acff6687d934bf827b809e108c55963a08463f30

Last affected

c8e3c41b598e988d7c60551b4fd5ec9b182c062b

Last affected

d091d849287d64a790237ae8e3e3e535236aae77

Last affected

e19510139156fcef72e9f7453979ec75168e34c9

Last affected

e757604a7bf3186a2bfb43a4bb7909a83873621f

Last affected

fbd252040ba68495902876096dd447452a26bf64

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.1

1.1.1

1.1.2

1.10

1.11

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.3.1

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.5.0

1.5.2

1.5.2.1

1.5.3

1.5.4

1.5.4.1

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.7.0

1.7.1

1.7.2

1.8.0

1.8.1

1.8.2

1.8.3

1.9.0

1.9.1

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.1.0

2.2.0

2.2.4

2.2.4.1

2.2.5

2.2.6

2.3.0

2.3.1

2.3.1.1

2.4.0

2.4.1

2.5.0

2.5.1

2.5.2

2.6.0

2.6.1

2.6.2

2.7.0

2.7.0.1

2.7.0.2

2.7.0.3

2.7.1

2.7.2

2.7.3

3.*

3.0.0

3.0.1

3.1.0

3.10.0

3.11.0

3.2.0

3.2.1

3.3.0

3.3.0.1

3.4.0

3.4.1

3.4.2

3.5.0

3.6.0

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.8.0

3.9.0

3.9.1

3.9.2

3.9.3

Other

ci-upgrade

lenient_hybrid_flow

travis-success-1475

travis-success-1478

travis-success-1497

v10

v11

v12

v13

v14

v15

v16

v17

v18

v19

v20

v21

v22

v23

v24

v25

v26

v11.*

v11.1

v11.2

v11.3

v12.*

v12.1

v12.2

v12.3